Documentation – Vault3R Password Manager

Introduction

Vault3R is a cross-platform, zero-knowledge password manager. All data is encrypted locally on your device — no cloud, no accounts, no subscriptions.

Platforms: Windows 10/11 (WPF / .NET 8), Android 8.0+ (Kotlin / Jetpack Compose) & iOS 16+ (Swift / SwiftUI)
Storage: Local device only (%AppData%\Vault3R on Windows, app-private on Android, app sandbox on iOS)
Versions: Desktop 4.4.1 • Android 4.4.1 • iOS 4.4.1
Last updated: February 18, 2026

Key features

🔐 AES-256-GCM

Authenticated encryption with PBKDF2-SHA256 (200,000 iterations). Per-entry encryption — each password is encrypted independently.

🔄 Encrypted Sync

End-to-end encrypted vault transfer between Desktop, Android & iOS via ephemeral relay. Zero knowledge — the server never sees your data.

⚡ Autofill

Android system-wide autofill for Chrome, Firefox, Edge, Brave, Opera, Samsung Internet. Inline suggestions on Android 11+.

🔑 Quick Unlock

PIN (6-8 digits), biometric (fingerprint/face), or TOTP (Google Authenticator) — without typing the master password.

🛡️ Vault Health

Audit weak, reused, and breached passwords. Integrated Have I Been Pwned (HIBP) check using k-anonymity.

📝 Secure Notes

Encrypted notes with tags, search, and timestamps. Stored inside the vault alongside passwords.

🎨 11 Themes

8 free + 3 premium themes with glow effects. Identical look on Desktop and Android.

📦 Portable Backup

Export/import via .vlt (encrypted), .csv, or .json. Compatible between Desktop and Android.

⏱️ TOTP Generator

Built-in TOTP code generator (RFC 6238). Supports SHA-1/SHA-256/SHA-512 and otpauth:// URIs.

Important: Vault3R stores data locally. If you forget the master password, there is no recovery method for encrypted data.

Installation (Windows)

Requirements

Component	Requirement
OS	Windows 10 (64-bit) or Windows 11
Runtime	.NET 8 Desktop Runtime (x64)
RAM	4 GB minimum (8 GB recommended)
Disk	~50 MB (portable) or ~500 MB (self-contained)

Portable (recommended)

Download Vault3R_portable.zip from the home page.
Extract to any folder (e.g. C:\Tools\Vault3R).
Run Vault3R.exe.
No installation required — the app is fully portable.

Installer

Download Vault3R_Setup.exe.
Run the installer (per-user, no admin required).
Launch from Start menu or desktop shortcut.

Tip: Data is stored in %AppData%\Vault3R, not in the app folder. You can move the executable freely without losing your vault.

Updates

Check for updates: Settings → About → Check for Updates. If a new version is available, the app opens the download page.

Installation (Android)

Requirements

Component	Requirement
OS	Android 8.0 (API 26) or higher
Storage	~30 MB
Optional	Biometric sensor (fingerprint / face)

Install from APK

Download Vault3R_Android.apk from get.vault3r.pl.
On your phone: Settings → Security → allow installing from unknown sources for your browser.
Open the downloaded APK and tap Install.
Launch Vault3R.

Updates: The app checks for updates automatically at launch. When available, tap Download to get the latest APK.

Installation (iOS)

Requirements

Component	Requirement
OS	iOS 16.0 or higher
Storage	~10 MB
Optional	Face ID / Touch ID

Install via sideload (IPA)

Download Vault3R_iOS.ipa from get.vault3r.pl.
Install using AltStore, SideLoadly, or TrollStore.
Trust the developer certificate if prompted: Settings → General → VPN & Device Management.
Launch Vault3R.

Note: Sideloaded apps via AltStore require re-signing every 7 days (free Apple ID) or 365 days (paid Apple Developer account).

Features

Face ID / Touch ID unlock
PIN unlock (6-8 digits with Secure Enclave protection)
AutoFill extension (Safari & apps)
Encrypted device sync with Windows & Android
Secure Notes, TOTP, Vault Health
11 themes (identical to Desktop & Android)

First run

Create a new vault

Open Vault3R.
Click New Vault (or Create Vault on Android).
Enter your master password (minimum 6 characters) and confirm it.
On Android/iOS: set a PIN (6-8 digits) and optionally enable biometrics.

Restore from backup

On the login screen, choose Restore from backup (.vlt).
Select the .vlt file.
Enter the master password from when the backup was created.

Master password: There is no way to recover it. Choose one you will remember. Consider writing it down and storing it safely offline.

Trial & license

Windows — trial mode

7 days free trial from first launch — full functionality.
After trial expiry, the app requires a license key to continue.

Activation

Purchase a license at get.vault3r.pl (~$5 USD, Stellar XLM).
The license key (V3R-XXXX-XXXX-XXXX-XXXX-XXXX) will be emailed to you.
In the app: 🔑 Activate License → paste the key → Activate.

License details: One-time payment, lifetime, per-device. Stored in %AppData%\Vault3R\license.lic. Internet required for activation only.

Premium features

3 premium themes: Premium Metal, Premium Dark, Premium Navy (with glow effects)
All functionality is identical between trial and licensed (except premium themes)

Android

Android is free during the open beta. Same license key works on Android for premium themes.

Desktop — Main window

The main window is your command center. It contains a sidebar with categories, a toolbar, and the password list.

Login methods

The app automatically selects the fastest unlock method (in order of preference):

Method	When used	Details
TOTP	If configured	6-digit code from authenticator app
PIN	If set (and no TOTP)	6-8 digit numeric PIN
Master Password	Always available	Full password (click "← Use Master Password")

Sidebar categories

All — every entry in the vault
Favorites — entries marked with ⭐
Custom categories — auto-generated from entry categories
▲ / ▼ buttons — reorder categories (order is saved)

Password list columns

Column	Description
Avatar	First letter of entry name
Name	Entry title
Login	Username / email
Password	Masked `••••••••` with 👁 (reveal 10s) and 📋 (copy 30s)
URL	Domain with 🌐 link button
Category / Tags / Notes	Metadata

Toolbar

Button	Action
➕ Add	Add new password entry
✏️ Edit	Edit selected entry
🗑️ Delete	Delete with confirmation
⭐ Favorite	Toggle favorite
🔑 License	Activate license key
⋯ More	Full menu (see below)

"More" menu

Copy Password, Launch URL, Generate Password, Secure Notes, Vault Health, Settings, Import/Export, Sync Send/Receive, Backups, Change Password, Lock Now, Panic Mode, Logout.

Desktop — Password entries

Adding an entry

Click ➕ Add or use the menu.
Fill in the form: Name, Login/Email, Password (required). Optional: URL, Category, Tags, Notes.
Use the "Gen." button to generate a strong password.
Click Save.

Copying a password

Click the 📋 icon next to any password.
The password is copied to clipboard for 30 seconds, then automatically cleared.
The password is excluded from Windows Clipboard History (Win+V) and cloud sync.

Revealing a password

Click the 👁 icon — password is visible for 10 seconds, then auto-hides.

Desktop — Secure Notes

Menu → Secure Notes.
Left panel: list with search. Right panel: editor.
Click New Note → fill title, tags, content.
Click Save — note encrypted with AES-256-GCM.

Notes support searching by title, content, and tags. Each note has timestamps (Created / Updated).

Desktop — Password generator

Access: Menu → Generate Password or "Gen." in the entry form.
Length: 8–64 characters (slider).
Symbols: toggle "Include Symbols" on/off.
Strength meter: 0–100 score with description (Very Weak → Very Strong).
Uses cryptographically secure random number generator (CSPRNG).
Every generated password contains at least: 1 uppercase, 1 lowercase, 1 digit (+ 1 symbol if enabled).

Desktop — Vault Health & HIBP

Menu → Vault Health. Automatic analysis of your vault:

Check	Description
Weak passwords	Score below 51/100 (via PasswordStrengthService)
Reused passwords	Same password used in multiple entries
Missing URLs	Entries without a website URL
Breached (HIBP)	Passwords found in public data breaches

HIBP privacy: Your passwords are never sent to the server. Vault3R uses k-anonymity — only the first 5 characters of the SHA-1 hash are transmitted. The full hash is compared locally.

Desktop — Settings

Section	Options
🔒 Security	Auto-lock timeout: OFF / 1 / 5 / 10 / 30 / 60 min
🎨 Theme	11 themes (3 premium require license)
⚙️ System	Start with Windows (autostart shortcut)
💾 Backup	Auto backup on exit (max 50 files, 30-day retention)
📱 Device Sync	Pair devices, unpair, auto-sync toggle
🔑 PIN	Set/remove PIN (6-8 digits)
🔐 TOTP	Generate secret, QR code, verify, remove
ℹ️ About	Version info, check for updates

Desktop — System tray

Closing the window hides the app to the system tray (first time: a tooltip explains this).

Tray option	Action
Open	Show main window
Lock	Lock the vault
Panic	Hide & lock immediately
Logout	Return to login screen
Exit	Fully close the app (with optional backup)

Double-click the tray icon to open the app.

Desktop — Keyboard shortcuts

Shortcut	Action
`Ctrl+Alt+L`	Lock Now
`Ctrl+Alt+U`	Unlock
`Ctrl+Alt+P`	Panic Mode (hide + lock)
`Enter`	Submit login / unlock form

Android — Unlock methods

Method	Priority	Details
Biometrics	Highest	Fingerprint or face recognition (AndroidKeyStore)
TOTP	High	Code from authenticator app
PIN	Standard	6-8 digit PIN
Master Password	Fallback	Always available

Note: PIN and biometrics only unlock a locally stored copy of the master password. The vault is always encrypted with the master password for full desktop compatibility.

Android — Autofill service

Enable autofill

Go to Android Settings → Passwords & autofill (or Security → Autofill service).
Select Vault3R as your autofill provider.
Login fields in apps and browsers will now show Vault3R suggestions.

Supported browsers

Chrome, Firefox, Edge, Brave, Opera, Samsung Internet, DuckDuckGo Browser.

Features

Inline suggestions (Android 11+) — credentials appear in the keyboard area
Save prompt — after manual login, Vault3R offers to save credentials
In-context password generator — generate and fill a strong password

Android — TOTP codes

Add TOTP to any entry: enter a base32 secret or scan an otpauth:// QR code.
Dedicated TOTP screen with all codes, formatted as XXX XXX.
Visual countdown (30s cycle) — tap to copy.
Supports SHA-1, SHA-256, SHA-512 algorithms.

Android — Quick Settings tiles

Vault3R adds a tile to Android's notification shade (swipe down from top):

Tap tile → opens Vault3R instantly
Quick access without finding the app icon

Android — Vault Health

Menu → Vault Health. Same checks as desktop:

Overall score: 0–100% with color coding (red / yellow / green)
Weak passwords, reused passwords, missing URLs

iOS — Unlock methods

After creating a vault, set up quick unlock:

Face ID / Touch ID: Settings → Enable Biometrics. Uses Secure Enclave to protect the master key.
PIN (6-8 digits): Keychain-backed with brute-force lockout after 5 failed attempts.
TOTP: Google Authenticator compatible 6-digit code.

Security: iOS uses the Secure Enclave for biometric authentication. The master key is never stored in plaintext — it is protected by the device's hardware security module.

iOS — AutoFill extension

Vault3R includes a Credential Provider extension for system-wide AutoFill:

Go to iOS Settings → Passwords → AutoFill Passwords.
Enable Vault3R as a provider.
When a login form appears in Safari or any app, tap the key icon and select from your vault.

Supported: Safari, Chrome, Firefox, Edge, and all apps using ASAuthorizationController.

iOS — Device sync

Identical to Android sync. Pair with Desktop or Android via QR code, then send/receive encrypted vault snapshots through the ephemeral relay.

TLS certificate pinning (SPKI SHA-256) protects relay connections
AES-256-GCM encryption with unique pairing key per device pair
Push notifications when a sync is available from a paired device

Encrypted device sync

Vault3R is a local-first password manager. Sync uses an encrypted ephemeral relay — no cloud storage, no accounts, zero knowledge.

┌──────────┐ ┌──────────┐ │ Desktop │──── AES-256-GCM ────────────►│ Relay │ │ (sender) │ encrypted vault │ Server │ └──────────┘ └────┬─────┘ │ 10 min TTL │ auto-delete ┌─────────┼─────────┐ ┌────▼─────┐ ┌────▼─────┐ │ Android │ │ iOS │ │(receiver)│ │(receiver)│ └──────────┘ └──────────┘ decrypt with pairing key

How it works

Pair devices (one-time): scan QR code to share a 256-bit pairing key.
Send: vault is encrypted with the pairing key (AES-256-GCM) and uploaded to relay.
Receive: receiver downloads and decrypts. Blob auto-deletes from relay.
Data is merged, not overwritten — new entries added, existing preserved.

Security guarantees:
• Relay server only stores opaque ciphertext (cannot read content)
• Channel ID derived via HMAC-SHA256 (server can't link channel to key)
• Max 10 MB per transfer, 10 minute TTL
• Random nonce per transfer (replay protection)

Device pairing

Pair desktop ↔ Android

Desktop: Settings → Device Sync → Pair New Device → QR code appears.
Android: Settings → Device Sync → Scan QR Code → scan the code.
Confirmation is automatic (polling up to 5 minutes).
You can pair multiple devices — each gets its own key and channel.

Manage paired devices

View all paired devices in Settings → Device Sync.
Unpair individual devices or unpair all.
Pairing keys are protected with DPAPI (Windows) or EncryptedSharedPreferences (Android).

Import / Export

Format	Import	Export	Encrypted	Notes
`.vlt`	✅	✅	✅	Vault3R native format, compatible Desktop ↔ Android
`.json`	✅	✅	✅	JSON with encrypted entries
`.csv`	✅	✅	❌	Plaintext! Supports Vault3R, Bitwarden, LastPass, KeePass formats

Import from another manager

Export a CSV from your current password manager (Bitwarden, LastPass, KeePass, etc.).
In Vault3R: Menu → Import → select the CSV file.
Vault3R auto-detects the format, separator, and encoding.
Choose Merge (add to existing) or Replace (overwrite).

CSV warning: CSV files contain passwords in plain text. Delete the CSV file after importing.

Backup & Restore

Auto-backup (Desktop)

Settings → Backup → enable Auto backup on exit.
Creates encrypted backup on every app close.
Location: %AppData%\Vault3R\Backups\
Retention: max 50 files, 30-day rolling window.

Manual backup

Menu → Backups.
Click Create Backup.
Encrypted .vlt file created instantly.

Restore

In Backup Manager, select a backup file.
Choose restore mode:
- Overwrite — replace current vault entirely (requires confirmation).
- Merge — add entries from backup, keep existing ones.

Security overview

Aspect	Implementation
Data encryption	AES-256-GCM (authenticated encryption with associated data)
Key derivation	PBKDF2-HMAC-SHA256, 200,000 iterations
File integrity	SHA-256 hash with constant-time verification
TOTP secret protection	DPAPI (Windows) / EncryptedSharedPreferences (Android)
PIN protection	AES-256-GCM + PBKDF2 (150,000 iterations)
Pairing key protection	DPAPI (Windows) / AndroidKeyStore
Relay encryption	AES-256-GCM with pairing key (end-to-end)
Password hashing	PBKDF2-HMAC-SHA256, format: `v2$pbkdf2-sha256$...`
Random number generation	Cryptographic CSPRNG (`RandomNumberGenerator`)

Encryption details

Encryption versions

Version	Algorithm	Iterations	Prefix	Status
v1 (legacy)	AES-256-CBC + PBKDF2	100,000	none	Decrypt only
v2 (current)	AES-256-GCM + PBKDF2	200,000	`v2:`	Default
v3 (optimized)	AES-256-GCM + pre-derived key	200,000*	`v3:`	Optional

* v3 runs PBKDF2 once at vault open, then reuses the derived key for all operations.

v2 encryption scheme

Input: plaintext, masterPassword, contextSalt (e.g. "entry", "note") 1. salt = RandomBytes(16) 2. key = PBKDF2-HMAC-SHA256(masterPassword, salt, 200000, 32 bytes) 3. nonce = RandomBytes(12) 4. aad = UTF8(contextSalt) // Additional Authenticated Data 5. (ct, tag) = AES-256-GCM.Encrypt(key, nonce, plaintext, aad) 6. output = "v2:" + Base64(salt[16] + nonce[12] + tag[16] + ciphertext[N])

Password verifier

1. salt = RandomBytes(16) 2. hash = PBKDF2-HMAC-SHA256(password, salt, 200000, 32 bytes) 3. verifier = "v2$pbkdf2-sha256$200000$" + Base64(salt) + "$" + Base64(hash) Comparison: CryptographicOperations.FixedTimeEquals() — timing-attack resistant

Vault file format (VLTDB)

The vault is stored as a binary file with gzip compression and SHA-256 integrity verification.

Offset	Size	Content
0	5 bytes	Magic: `"VLTDB"` (ASCII)
5	1 byte	Version: `0x01`
6	1 byte	Compression: `0x01` (gzip)
7	4 bytes	Payload length (uint32 LE)
11	32 bytes	SHA-256 hash of uncompressed payload
43	N bytes	Gzip-compressed JSON payload

Payload structure

{ "verifier": "v2$pbkdf2-sha256$200000$base64salt$base64hash", "entries": ["v2:BASE64(salt+nonce+tag+encrypted_entry_json)", ...], "notes": ["v2:BASE64(salt+nonce+tag+encrypted_note_json)", ...], "settings": { "autoBackupEnabled": true, "autoLockMinutes": 5, "categoryOrder": ["Banking", "Social", "Email"] } }

Each entry and note is encrypted individually (per-entry encryption). Corrupting one entry doesn't affect the rest.

PIN / TOTP / Biometric unlock

PIN (Desktop & Android)

Parameter	Value
Algorithm	AES-256-GCM + PBKDF2-HMAC-SHA256
Iterations	150,000
PIN length	6-8 digits (min. 6 since v4.3.6)
Storage	`pin.dat` (salt + nonce + tag + ciphertext)

The PIN encrypts the master password locally. Correct PIN → decrypt → master password → open vault.

TOTP unlock (Desktop)

Parameter	Value
Standard	RFC 6238 (TOTP), HMAC-SHA1, 6 digits, 30s
Secret protection	DPAPI (`ProtectedData.Protect`, CurrentUser scope)
File format	v2: version + DPAPI-wrapped secret + salt + nonce + tag + ciphertext
Clock tolerance	±1 window (90 seconds total)

Biometrics (Android)

Hardware-backed AndroidKeyStore + BiometricPrompt
Master password encrypted with biometric-gated AES key
setUserAuthenticationRequired(true) — requires auth per operation

Brute-force protection

Exponential backoff

Attempt	Lockout
1–3	None
4	5 seconds
5	10 seconds
6	20 seconds
7	40 seconds
8+	60 seconds (max)

Persistence (since v4.3.6)

Lockout state is saved to disk (lockout.json). Restarting the app does not reset the counter. The state auto-clears after 10 minutes of cooldown.

Clipboard security

Desktop (Windows)

Atomic clipboard write via Win32 API (no race conditions with clipboard monitors)
Auto-clear after 30 seconds (only if clipboard hasn't been changed by user)
Excluded from Windows Clipboard History (Win+V) via ExcludeClipboardContentFromMonitorProcessing
Excluded from Cloud Clipboard (cross-device sync)

Android

ClipboardClearService (foreground service) clears after 30 seconds
Notification shows countdown

Architecture — System overview

┌──────────────────────────────────────────────────────────────────┐ │ Vault3R Ecosystem │ │ │ │ ┌──────────────┐ relay.php ┌──────────────────┐ │ │ │ Desktop │◄──── E2E enc ────►│ Android │ │ │ │ (WPF/.NET) │ AES-256-GCM │ (Compose) │ │ │ └──────┬───────┘ └────────┬──────────┘ │ │ │ │ │ │ │ Shared vault format: vault.vlt.db (VLTDB) │ │ │ Shared crypto: AES-256-GCM + PBKDF2-SHA256 │ │ │ │ │ │ ┌──────┴─────────────────────────────────────┴──────────┐ │ │ │ Backend (PHP) │ │ │ │ • Licenses (generate / consume / verify) │ │ │ │ • Relay (ephemeral vault transfer, 10 min TTL) │ │ │ │ • Payments (Stellar XLM via Horizon API) │ │ │ │ • Trial (file-based, per-device) │ │ │ └────────────────────────────────────────────────────────┘ │ └──────────────────────────────────────────────────────────────────┘

Component	Technology	Version
Desktop (Windows)	C# / WPF / .NET 8	4.3.6
Android	Kotlin / Jetpack Compose / Material 3	4.3.4
Backend (Web/API)	PHP 7.4+ / MySQL	—

Architecture — Desktop services

Service	Purpose
`CryptoService`	Core cryptography: AES-GCM, PBKDF2, password generation, batch encryption
`DatabaseService`	Vault management: CRUD, merge, import/export, VLTDB format (~2750 lines)
`DevicePairingService`	Multi-device pairing: QR, DPAPI-protected keys, channel IDs
`VaultRelayService`	Encrypted vault transfer via relay (E2E AES-256-GCM)
`ClipboardService`	Secure clipboard: Win32 atomic write, auto-clear, history exclusion
`PinService`	PIN quick-unlock (AES-GCM + PBKDF2 150k)
`TotpLockService`	TOTP unlock with DPAPI-protected secret (v2 format)
`TotpService`	TOTP code generator (RFC 6238, SHA-1/256/512)
`LockoutPersistenceService`	Brute-force state persistence to disk
`AutoBackupService`	Auto-backup on exit (max 50, 30-day retention)
`LicenseService`	Trial (7 days) + license key activation via API
`PasswordStrengthService`	Password scoring (0-100) with strength categories
`ThemeService`	11 themes (8 free + 3 premium with glow effects)
`CsvImportExportService`	CSV import: Vault3R, Bitwarden, LastPass, KeePass, generic
`StartupService`	Windows autostart (shortcut in shell:startup)
`DialogService`	Unified dialog system (Info/Warning/Error/Confirm)

Architecture — Android modules

Package	Purpose
`crypto/`	AES-256-GCM, PBKDF2, legacy CBC compatibility
`vault/`	VaultRepository: data layer with caching
`vlt/`	VLTDB binary format (read/write)
`autofill/`	AutofillService (~1100 lines): Chrome, Firefox, Edge, Brave, etc.
`unlock/`	BiometricHelper, PinManager, TotpUnlockManager
`relay/`	DevicePairingManager, RelayClient, RelayEncryption (E2E)
`ui/screens/`	10 Compose screens: passwords, notes, settings, health, sync, TOTP
`ui/theme/`	Material 3 + 11 themes (identical to Desktop)
`tile/`	Quick Settings tile service
`update/`	Auto-update checker via latest.json

Architecture — iOS modules

Module	Purpose
`CryptoService`	AES-256-GCM, PBKDF2-SHA256 (200k iterations) via CryptoKit
`VaultRepository`	Data layer: VLTDB read/write, entry caching
`UnlockStorage`	Keychain-backed PIN/biometric/TOTP state
`VaultRelayService`	E2E encrypted sync via ephemeral relay + TLS cert pinning
`AutoFillExtension`	ASCredentialProviderViewController for Safari & apps
`PinnedURLSession`	SPKI SHA-256 TLS certificate pinning
`AppUpdateService`	Auto-update checker via latest-ios.json
`ThemeManager`	11 themes with glow effects (identical to other platforms)

Architecture — Backend API

Endpoint	Method	Purpose
`/api/consume-license.php`	POST	One-time license activation (status 0→1, device binding)
`/api/verify-license.php`	POST	Verify active license + device match
`/api/generate-license.php`	POST	Generate key after payment confirmation
`/api/check-payment.php`	POST	Check Stellar XLM payment via Horizon API
`/api/relay.php`	POST	Ephemeral vault storage (E2E encrypted, 10 min TTL, 10 MB max)
`/api/trial-check.php`	POST	Per-device trial status (file-based)
`/api/get-price.php`	GET	Cached XLM/USD price (CoinGecko proxy)

File locations

Windows

File	Path
Vault database	`%AppData%\Vault3R\vault.vlt.db`
PIN data	`%AppData%\Vault3R\pin.dat`
TOTP config	`%AppData%\Vault3R\totp_unlock.dat`
License	`%AppData%\Vault3R\license.lic`
Theme	`%AppData%\Vault3R\theme.json`
Lockout state	`%AppData%\Vault3R\lockout.json`
Auto-backups	`%AppData%\Vault3R\Backups\`
Pairing keys	`%AppData%\Vault3R\paired_devices.json`

Android

File	Location
Vault database	App-private internal storage: `files/vault.vlt.db`
Preferences	`EncryptedSharedPreferences` (AES-256-GCM)
Biometric key	`AndroidKeyStore` (hardware-backed)

Troubleshooting

Problem	Solution
"Too many failed attempts"	Wait for lockout to expire (5–60s). Restarting the app does not reset the counter (since v4.3.6).
Windows SmartScreen warning	Click "More info" → "Run anyway". This is expected with self-signed certificates.
.NET 8 not installed	Download from dotnet.microsoft.com.
Vault won't open	File may be corrupted. Restore from a backup (`%AppData%\Vault3R\Backups\`).
Forgot master password	No recovery possible. Restore from a backup you can unlock, or create a new vault.
CSV import fails	Ensure the CSV uses a supported format: Vault3R, Bitwarden, LastPass, or KeePass.
Autofill not working (Android)	Check Settings → Passwords & autofill → verify Vault3R is selected as the autofill provider.
Biometric not working	Ensure you have a fingerprint/face registered in Android system settings.
Sync timeout	Both devices need internet access. Relay blob expires after 10 minutes.
Forgot PIN	Use "Master Password" to unlock, then reset the PIN in Settings.
App installed, "Install blocked"	Android Settings → Security → allow installing unknown apps for your browser.

FAQ

Q: Where is the vault stored?

Windows: %AppData%\Vault3R\vault.vlt.db. Android: app-private internal storage.

Q: Can I use the same vault on desktop and phone?

Yes — use Encrypted Device Sync (recommended) or manually transfer a .vlt backup file.

Q: Does the relay server see my passwords?

No. The vault is encrypted end-to-end with your pairing key before upload. The relay only handles opaque ciphertext.

Q: Can I restore a backup on another computer?

Yes — export a .vlt file and import it on the other machine with the correct master password.

Q: Does logout create a backup?

No — auto-backups only run on real app exit (Exit from tray or close with exit flag).

Q: I clicked "X" and the app still runs. Is that normal?

Yes — the window minimizes to the system tray. Use tray menu → Exit to fully close.

Q: Is my data sent to any server?

Only during sync (encrypted, ephemeral, zero-knowledge) and license verification. Passwords, entries, and notes never leave your device unencrypted.

Q: What happens if I lose my phone?

Your vault is encrypted. Without the master password (or PIN/biometric), data cannot be accessed. The vault file is also in app-private storage (allowBackup=false).

Q: How is the HIBP check private?

Vault3R uses k-anonymity. Only the first 5 hex characters of the SHA-1 hash are sent to the API. The full comparison happens locally on your device.